Reference Architecture: GenUI Copilot UI
Product forces
GenUI copilots optimize for safe AI-assisted workflows where the system can retrieve context, reason, stream progress, choose approved UI components, and request tool actions under policy.
Architecture sketch
Default decisions
| Area | Default |
|---|---|
| UI generation | model may select from approved schemas, not arbitrary code |
| tools | risk-classified, server-authorized, auditable, idempotent where possible |
| retrieval | citations visible when decisions depend on retrieved sources |
| streaming | progress events separate from final UI state |
| safety | prompt injection handling, policy gateway, kill switches |
| evaluation | golden tasks, regression evals, human review for high-risk flows |
Critical risks
- Treating model output as trusted UI code.
- Client-side tool permission checks only.
- Hidden retrieved evidence or unverifiable answers.
- No eval suite before changing prompts/models/tools.
- No kill switch for unsafe tool classes.
Review checklist
- Is every generated UI element backed by an approved component schema?
- Are tool calls authorized server-side?
- Are high-risk actions gated by confirmation and audit?
- Can users inspect citations or evidence?
- Do evals cover prompt injection, retrieval failure, and unsafe action attempts?
Exercises
- Classify five copilot tools by risk.
- Design a component registry contract for cards, tables, forms, and actions.
- Write an eval matrix for a retrieval-grounded workflow.
Source lens
Pair this with Part XIII GenUI architecture, the GenUI review packet, and the GenUI capstone.